Is Lincense integrted with IPS Management IP Address?

Similar Messages

• Cant sign into iTunes with VPP manager email address

  Is anyone else having difficulty signing into iTunes with their Apple VPP account manager email address? I work as an IT contractor for a number of schools and in the past have set up VPP so that paid and free apps can be distributed via an MDM solution. Recently, the process by which we do this isn't working any more. Apple have admitted in emails that they have changed the way that VPP accounts are set up on their end and that during the transition some accounts were processed incorrectly (causing a lot of headaches and confusion). In one instance, we set up the VPP manager account using a distribution list email address of .*******. later, we enabled two step verification and provisioned the facilitator account. but when we sent to sign into the iTunes store with the management accounts email address, we got the error message: "this email is associated with he VPP program". We have told apple about this who replied with a frustrating tautology: "our records indicate that that address is associated with the VPP program, so you will have to use another email address to sign into iTunes." Trouble is, for the purposes of information management, we cant just sign into iTunes with any old email address, we have to use one provisioned by the education department, and they wont provision another email address for this.. Also, we have screenshots which demonstrate that it is possible to sign into iTunes with the program manager account at other schools, so what has changed? If this keeps up, I will have no choice but to recommend to all schools in future that they not go with Apple because their account provision system is not maintained at a professional level.  The fact that they are so slow moving on this makes me look bad and the lack of documentation is inexcusable given the massive profits they have been posting.  I will campaign vehemently against the use of apple in education unless this situation changes for the better.  Already one school on our books have had an absolute gut-full of and have sold off the 60 iPads they purchased in favor of Android tablets with custom ROMS. What is the solution and why is there no phone number for Apple VPP in Australia?
  <Edited by Host>

  I know this post is over a year old. We setup our VPP account in Feb last year. It's very frustrating.
  This is what I wrote to Apple.
  This whole system *****!!!!
  Seriously. I sign up under the old system and now we have to go through more doors to get in than a gold refinery.
  You honestly think your product is worth this much pain. Get real!!!
  I work at a school as THE ONLY IT Support Officer. I setup a generic user account for VPP under the old system so that the account was not tied to my name just in case I left or someone else had to take over the role. Now we cant use that account to manage the VPP account. We have to create other admin accounts. Trouble is, most of us already have our personal emails attached to iTunes accounts, AND YOUR SYSTEM WON'T LET US USE THESE ACCOUNTS TO BE ADMINS FOR OUR VPP ACCOUNT BECAUSE THEY ARE ALREADY ATTACHED TO AN ITUNES ACCOUNT!!!!!!!!!!!!!!!!!!!!!
  Now I'm home and I can't remember my logon password and cant recall my recovery key because it's all back at work on a system I cant access until 2 weeks from now when the school holidays are over.
  Well done Apple, you managed to make Microsoft look good!
  The generic email account we setup is a distribution list account for the purposes of adding and removing people as needed. Apples change now means that we have to create more email accounts. I won't be doing that any time soon, I already have 5 and not about to create moer.
  I too will not be recommending that schools go with Apple products. They are a consumer product, not an enterprise product. The promise you the world and all you get is pain.

• Configuring signature through IPS Manager in CSM3.0

  I was trying to customize the siganture with IPS manager in CSM3.0.Any changes in CSM3.0 only displays in the window but looks like it is not been applied to IDSM2 which has IPS v5.1.The same change If I make through IDM to idsm2
  it works fine.
  This how I am testing: Just changed the sev level (low to high) in one of the bulit in siganture (say 2100 sweep)
  from the IPS manager in CSM3.0.Then, when a traffic triggers that signature,the IPS Eventviewer still shows the sev level as "low" only.
  But if I do the same changes though IDM I can see the sev level as "high" in the IPS event viewer5.0.
  I also have 2 x 6500 with single IDSM2 on both switches.I could add only one IDSM2 to IPS manager (via DCR in comman services )and the other one I couldnot.Any suggestions please

  Hi,Thanks for your response.IPS Sensor is configured.I use the same username/password with priv15 through IDM as well.
  Here is the Problem Summary:
  ============================
  We are using CSM3.0 for managing IDSM2 modules and we are having the following difficulties
  I. Adding new IDSM2 sensor module into CSM3.0 through IPS
  II.Customization of any signature
  I.Adding new IDSM2 sensor module into CSM3.0 through IPS
  We followed up the below procedures to add the IDSM2 modules
  1.Go to CCS, device crenditials, select the type as cisco service modules and give the device crenditials like IP Address, username/password etc
  2.Go to IPS Manager, under device tab we could see the IDSM2 module has been added.Then go to sensor group and re-import it.It works fine ie we could add and see the same in IPS manager.
  Note: 1st sensor was successfully added where as the 2nd sensor couldnot be added in IPS
  3.We could see that the same has been added into common services.But when we see in IPS Manager Device sensor or sensor group, we could not see the IDSM2 module.
  Only the 1st sensor is showed in the IPS window.So we couldnot re-import the second sensor in to the specified group ( the group is same as the 1st sensor)
  II.Customization of any signature:
  We followed up the above said procedures ( as per I 1 to 2) to add the IDSM2 modules
  Note: 1st sensor was successfully added where as the 2nd sensor couldnot be added in IPS
  1.Go to configuration, select the IPS siganture5.1, apply some changes like
  Changing the sev level from ?low? to ? high? for one of the built in signature ( ID 2100) by tuning. The changes appear in the CSM IPS console. But it doesn?t apply to the IDSM module. After this change, if the signature triggers IEV should show the changed level ? high?. But the IEV still shows the old level for the signature ID 2100 as ?low? only. The main screen under device tab still shows that configuration as pending.ie it looks like the changes made in CSM/IPS manager doesn?t applied to IDSM2 module
  Note: If we make the same changes by using the IDM which behaves as expected.ie IEV shows the sev level for the tuned signatureID (2100) as ?high?
  Please suggest us where are we missing?
  Here are the details about the modules
  Module: IDSM2 module
  Ver: 5.1(1)S229.0V1.0
  CSM : 3.0
  IEV: 5.1.1

• Management ip address on a different vlan/bridge

  We have several standalone AP's. On our switches we have a data and a guest vlan. Perviously on Aironet AP I configured the ethernet interface with 802.1q trunking and I configure a subinterface with its management ip address. This all worked perfectly.
  No we bought some new one's (SAP2602) which has ios v15.2 (the old ones still have 14.3) and I applied the same config (changed the ip address and hostname of course), but the ip management of the AP does not work (Wireless clients works good, so no problem with 802.1q)
  COnfig (so both on old and new):
  bridge irb
  Interface GigabitEthernet0
   no ip address
   no ip route-cache
   duplex full
   speed 100
   no keepalive
   bridge-group 1
   no bridge-group 1 source-learning
   bridge-group 1 spanning-disabled
  interface GigabitEthernet0.90
   encapsulation dot1Q 90
   no ip route-cache
   bridge-group 90
   no bridge-group 90 source-learning
   bridge-group 90 spanning-disabled
  interface GigabitEthernet0.104
   encapsulation dot1Q 104
   ip address 10.104.70.1 255.255.0.0
   no ip route-cache
   bridge-group 104
   no bridge-group 104 source-learning
   bridge-group 104 spanning-disabled
  interface BVI1
   ip address dhcp client-id GigabitEthernet0
   no ip route-cache
  ip default-gateway 10.104.1.1
  Any ideas what's changed between new and old IOS or AP? (I only noticed that in the new AP the command "no ip route-cache") is not enabled anymore.

  I'd suggest to define vlan114 as native vlan and change the bridge group to 1
  interface GigabitEthernet0.104
  encapsulation dot1Q 104 native
  bridge-group1
  Remember to configure the trunk port the ap is connected as native vlan 104.
  Normally the ip address is configured under bvi interface,if still no change you can try it.
  That should work.
  Regards

• How to create an rule with action to subtract from the event log of Ips manager express console?

  how to create an rule with action to subtract from the event log of Ips manager express console?, some knows of has an guide?.
  Thank you.
  Sent from Cisco Technical Support iPad App

  Hi,
  http://www.cisco.com/en/US/products/sw/secursw/ps2113/products_tech_note09186a0080bc7910.shtml
  HTH
  Luis Silva
  "If you need PDI (Planning, Design, Implement) assistance feel free to reach us"
  http://www.cisco.com/web/partners/tools/pdihd.html

• Assign management ip address with SCVMM 2012 R2 for hyper-v converged network?

  Hi,
  I am setting up a converged network for our Hyper-V clusters using vNICs for the different network traffic including management, live migration, cluster-csv, hyper-v etc.
  Problem is, how do I assign the hyper-v hosts a management IP address? They need a network connection on the management network for scvmm to manage them in the first place. How do I take the existing management IP address that is directly assigned to the
  host and transfer it directly to the new vNIC so scvmm has management of it? Kind of in a chicken and egg situation here. I thought about assigning a temp ip address to the host initially but am worried that assigning the address will cause problems as then
  the host would then have 2 default gateways configured. How have others managed this scenario?
  Thanks
  Microsoft Partner

  Rule of thumb: Use one connected network for your Fabric networks (read the whitepaper), and use VLAN based networks for your tenant VMs when you want to associate VM Networks with each VLAN.
  -kn
  Kristian (Virtualization and some coffee: http://kristiannese.blogspot.com )
  We don't have tenants as such due to this being an environment on a private company LAN for sole use of the company virtual machines.
  What I have so far:
  I created "one connected network" for Hyper-V-Virtual-Machine traffic.
  Unchecked "Allow new VM networks created on this logical switch to use network virtualization"
  Checked "Create a VM network with the same name to allow vms to access this logical network directly"
  This logical network has one site called UK.
  Within this site I have defined all of the different VLANS for this site.
  Created IP pools for each VLAN subnet range.
  I hope I understand this correctly. Started reading the whitepaper from cover to cover now.
  Microsoft Partner

• Management IP Address inquiry in UCS

  We are starting to grow our UCS environment.  Due to that we are using more and more IP's in the pool we set aside for Management IP addresses.  Presently, our fabric interconnects reside in the same subnet (class C) as the pool we are using for Management IP's.  It looks as though each blade uses two IP's out of the Management Pool so we are exhausting the IP's that we set aside pretty quickly.  When I went to setup the UCS environment initially I went to use a subnet for the Management Pool that was different than the subnet being used for the fabric interconnects.  Unfortuantely, I was unable to connect to the KVM functionality with the Management Pool in a different subnet that the fabric interconnects.  When I changed the Management Pool IP's to the same subnet as the fabric interconnects the issue went away.  So I take it that the KVM functionality comes through the management interfaces of the fabric interconnects.
  My question is how do I provide a different subnet for my Management Pool.  I will run out of IP's in this one subnet eventually and will have to add another one in that is different from what the fabric interconnects are using.  Do I have to set the ports that the fabric interconnect management interfaces are plugged into for vlan tagging and then change the network configuration of the fabric interconnects?

  Russ,
  In the current version (up to 2.1) the Management IPs for blades are required to belong to the same subnet as the Management Interfaces of the Fabric Interconnects.  This is due to the way we proxy the KVM request from Management Interfaces to the Blades CIMC.  In a future release we're investigating breaking the blade IPs into their own subnet/VLAN but this is a ways out - no committed date at this time.
  We understand this puts quite a requirment on the size of the Management Subnet, but with proper design it shouldn't be much of an issue.
  Regards,
  Robert

• 4506 & SUP V Management IP address question.....

  Hello all, I have two questions. The new 4506 SUP V engines don't have the good old SCO interface that I'm used to. So, since it's running an IOS now instead of the old CATos, I figured I'l create a new vlan and then make it the management IP address by using the 'MANAGEMENT' command (like in the old 2900's). Well, that didn't work either, so my question is...on what int. do I configure the mgnt. IP address?
  -thank you....

  Russ,
  In the current version (up to 2.1) the Management IPs for blades are required to belong to the same subnet as the Management Interfaces of the Fabric Interconnects.  This is due to the way we proxy the KVM request from Management Interfaces to the Blades CIMC.  In a future release we're investigating breaking the blade IPs into their own subnet/VLAN but this is a ways out - no committed date at this time.
  We understand this puts quite a requirment on the size of the Management Subnet, but with proper design it shouldn't be much of an issue.
  Regards,
  Robert

• Too  Slow - Domino 6.5.4  with access manager agent 2.2 ?

  I don't know how to tune Domino 6.5.4 with access manager agent 2.2?
  I think AMAgent.properties is not good for SSO.
  Please help me to tune it.
  # $Id: AMAgent.properties,v 1.103 2005/09/19 22:08:34 madan Exp $
  # Copyright ? 2002 Sun Microsystems, Inc. All rights reserved.
  # U.S. Government Rights - Commercial software. Government users are
  # subject to the Sun Microsystems, Inc. standard license agreement and
  # applicable provisions of the FAR and its supplements. Use is subject to
  # license terms. Sun, Sun Microsystems, the Sun logo and Sun ONE are
  # trademarks or registered trademarks of Sun Microsystems, Inc. in the
  # U.S. and other countries.
  # Copyright ? 2002 Sun Microsystems, Inc. Tous droits r&#38303;erv&#38303;.
  # Droits du gouvernement am&#38302;icain, utlisateurs gouvernmentaux - logiciel
  # commercial. Les utilisateurs gouvernmentaux sont soumis au contrat de
  # licence standard de Sun Microsystems, Inc., ainsi qu aux dispositions en
  # vigueur de la FAR [ (Federal Acquisition Regulations) et des suppl&#38297;ents
  # ? celles-ci.
  # Distribu? par des licences qui en restreignent l'utilisation. Sun, Sun
  # Microsystems, le logo Sun et Sun ONE sont des marques de fabrique ou des
  # marques d&#38300;os&#38289;s de Sun Microsystems, Inc. aux Etats-Unis et dans
  # d'autres pays.
  # The syntax of this file is that of a standard Java properties file,
  # see the documentation for the java.util.Properties.load method for a
  # complete description. (CAVEAT: The SDK in the parser does not currently
  # support any backslash escapes except for wrapping long lines.)
  # All property names in this file are case-sensitive.
  # NOTE: The value of a property that is specified multiple times is not
  # defined.
  # WARNING: The contents of this file are classified as an UNSTABLE
  # interface by Sun Microsystems, Inc. As such, they are subject to
  # significant, incompatible changes in any future release of the
  # software.
  # The name of the cookie passed between the Access Manager
  # and the SDK.
  # WARNING: Changing this property without making the corresponding change
  # to the Access Manager will disable the SDK.
  com.sun.am.cookie.name = iPlanetDirectoryPro
  # The URL for the Access Manager Naming service.
  com.sun.am.naming.url = http://sportal.yjy.dqyt.petrochina:80/amserver/namingservice
  # The URL of the login page on the Access Manager.
  com.sun.am.policy.am.login.url = http://sportal.yjy.dqyt.petrochina:80/amserver/UI/Login
  # Name of the file to use for logging messages.
  com.sun.am.policy.agents.config.local.log.file = c:/Sun/Access_Manager/Agents/2.2/debug/C__Lotus_Domino/amAgent
  # This property is used for Log Rotation. The value of the property specifies
  # whether the agent deployed on the server supports the feature of not. If set
  # to false all log messages are written to the same file.
  com.sun.am.policy.agents.config.local.log.rotate = true
  # Name of the Access Manager log file to use for logging messages to
  # Access Manager.
  # Just the name of the file is needed. The directory of the file
  # is determined by settings configured on the Access Manager.
  com.sun.am.policy.agents.config.remote.log = amAuthLog.Dominoad.yjy.dqyt.petrochina.80
  # Set the logging level for the specified logging categories.
  # The format of the values is
  #     <ModuleName>[:<Level>][,<ModuleName>[:<Level>]]*
  # The currently used module names are: AuthService, NamingService,
  # PolicyService, SessionService, PolicyEngine, ServiceEngine,
  # Notification, PolicyAgent, RemoteLog and all.
  # The all module can be used to set the logging level for all currently
  # none logging modules. This will also establish the default level for
  # all subsequently created modules.
  # The meaning of the 'Level' value is described below:
  #     0     Disable logging from specified module*
  #     1     Log error messages
  #     2     Log warning and error messages
  #     3     Log info, warning, and error messages
  #     4     Log debug, info, warning, and error messages
  #     5     Like level 4, but with even more debugging messages
  # 128     log url access to log file on AM server.
  # 256     log url access to log file on local machine.
  # If level is omitted, then the logging module will be created with
  # the default logging level, which is the logging level associated with
  # the 'all' module.
  # for level of 128 and 256, you must also specify a logAccessType.
  # *Even if the level is set to zero, some messages may be produced for
  # a module if they are logged with the special level value of 'always'.
  com.sun.am.log.level =
  # The org, username and password for Agent to login to AM.
  com.sun.am.policy.am.username = UrlAccessAgent
  com.sun.am.policy.am.password = LYnKyOIgdWt404ivWY6HPQ==
  # Name of the directory containing the certificate databases for SSL.
  com.sun.am.sslcert.dir = c:/Sun/Access_Manager/Agents/2.2/domino/cert
  # Set this property if the certificate databases in the directory specified
  # by the previous property have a prefix.
  com.sun.am.certdb.prefix =
  # Should agent trust all server certificates when Access Manager
  # is running SSL?
  # Possible values are true or false.
  com.sun.am.trust_server_certs = true
  # Should the policy SDK use the Access Manager notification
  # mechanism to maintain the consistency of its internal cache? If the value
  # is false, then a polling mechanism is used to maintain cache consistency.
  # Possible values are true or false.
  com.sun.am.notification.enable = true
  # URL to which notification messages should be sent if notification is
  # enabled, see previous property.
  com.sun.am.notification.url = http://Dominoad.yjy.dqyt.petrochina:80/amagent/UpdateAgentCacheServlet?shortcircuit=false
  # This property determines whether URL string case sensitivity is
  # obeyed during policy evaluation
  com.sun.am.policy.am.url_comparison.case_ignore = true
  # This property determines the amount of time (in minutes) an entry
  # remains valid after it has been added to the cache. The default
  # value for this property is 3 minutes.
  com.sun.am.policy.am.polling.interval=3
  # This property allows the user to configure the User Id parameter passed
  # by the session information from the access manager. The value of User
  # Id will be used by the agent to set the value of REMOTE_USER server
  # variable. By default this parameter is set to "UserToken"
  com.sun.am.policy.am.userid.param=UserToken
  # Profile attributes fetch mode
  # String attribute mode to specify if additional user profile attributes should
  # be introduced into the request. Possible values are:
  # NONE - no additional user profile attributes will be introduced.
  # HTTP_HEADER - additional user profile attributes will be introduced into
  # HTTP header.
  # HTTP_COOKIE - additional user profile attributes will be introduced through
  # cookies.
  # If not within these values, it will be considered as NONE.
  com.sun.am.policy.agents.config.profile.attribute.fetch.mode=NONE
  # The user profile attributes to be added to the HTTP header. The
  # specification is of the format ldap_attribute_name|http_header_name[,...].
  # ldap_attribute_name is the attribute in data store to be fetched and
  # http_header_name is the name of the header to which the value needs
  # to be assigned.
  # NOTE: In most cases, in a destination application where a "http_header_name"
  # shows up as a request header, it will be prefixed by HTTP_, and all
  # lower case letters will become upper case, and any - will become _;
  # For example, "common-name" would become "HTTP_COMMON_NAME"
  com.sun.am.policy.agents.config.profile.attribute.map=cn|common-name,ou|organizational-unit,o|organization,mail|email,employeenumber|employee-
  number,c|country
  # Session attributes mode
  # String attribute mode to specify if additional user session attributes should
  # be introduced into the request. Possible values are:
  # NONE - no additional user session attributes will be introduced.
  # HTTP_HEADER - additional user session attributes will be introduced into HTTP header.
  # HTTP_COOKIE - additional user session attributes will be introduced through cookies.
  # If not within these values, it will be considered as NONE.
  com.sun.am.policy.agents.config.session.attribute.fetch.mode=NONE
  # The session attributes to be added to the HTTP header. The specification is
  # of the format session_attribute_name|http_header_name[,...].
  # session_attribute_name is the attribute in session to be fetched and
  # http_header_name is the name of the header to which the value needs to be
  # assigned.
  # NOTE: In most cases, in a destination application where a "http_header_name"
  # shows up as a request header, it will be prefixed by HTTP_, and all
  # lower case letters will become upper case, and any - will become _;
  # For example, "common-name" would become "HTTP_COMMON_NAME"
  com.sun.am.policy.agents.config.session.attribute.map=
  # Response Attribute Fetch Mode
  # String attribute mode to specify if additional user response attributes should
  # be introduced into the request. Possible values are:
  # NONE - no additional user response attributes will be introduced.
  # HTTP_HEADER - additional user response attributes will be introduced into
  # HTTP header.
  # HTTP_COOKIE - additional user response attributes will be introduced through
  # cookies.
  # If not within these values, it will be considered as NONE.
  com.sun.am.policy.agents.config.response.attribute.fetch.mode=NONE
  # The response attributes to be added to the HTTP header. The specification is
  # of the format response_attribute_name|http_header_name[,...].
  # response_attribute_name is the attribute in policy response to be fetched and
  # http_header_name is the name of the header to which the value needs to be
  # assigned.
  # NOTE: In most cases, in a destination application where a "http_header_name"
  # shows up as a request header, it will be prefixed by HTTP_, and all
  # lower case letters will become upper case, and any - will become _;
  # For example, "common-name" would become "HTTP_COMMON_NAME"
  com.sun.am.policy.agents.config.response.attribute.map=
  # The cookie name used in iAS for sticky load balancing
  com.sun.am.policy.am.lb.cookie.name = GX_jst
  # indicate where a load balancer is used for Access Manager
  # services.
  # true | false
  com.sun.am.load_balancer.enable = false
  ####Agent Configuration####
  # this is for product versioning, please do not modify it
  com.sun.am.policy.agents.config.version=2.2
  # Set the url access logging level. the choices are
  # LOG_NONE - do not log user access to url
  # LOG_DENY - log url access that was denied.
  # LOG_ALLOW - log url access that was allowed.
  # LOG_BOTH - log url access that was allowed or denied.
  com.sun.am.policy.agents.config.audit.accesstype = LOG_DENY
  # Agent prefix
  com.sun.am.policy.agents.config.agenturi.prefix = http://Dominoad.yjy.dqyt.petrochina:80/amagent
  # Locale setting.
  com.sun.am.policy.agents.config.locale = en_US
  # The unique identifier for this agent instance.
  com.sun.am.policy.agents.config.instance.name = unused
  # Do SSO only
  # Boolean attribute to indicate whether the agent will just enforce user
  # authentication (SSO) without enforcing policies (authorization)
  com.sun.am.policy.agents.config.do_sso_only = true
  # The URL of the access denied page. If no value is specified, then
  # the agent will return an HTTP status of 403 (Forbidden).
  com.sun.am.policy.agents.config.accessdenied.url =
  # This property indicates if FQDN checking is enabled or not.
  com.sun.am.policy.agents.config.fqdn.check.enable = true
  # Default FQDN is the fully qualified hostname that the users should use
  # in order to access resources on this web server instance. This is a
  # required configuration value without which the Web server may not
  # startup correctly.
  # The primary purpose of specifying this property is to ensure that if
  # the users try to access protected resources on this web server
  # instance without specifying the FQDN in the browser URL, the Agent
  # can take corrective action and redirect the user to the URL that
  # contains the correct FQDN.
  # This property is set during the agent installation and need not be
  # modified unless absolutely necessary to accommodate deployment
  # requirements.
  # WARNING: Invalid value for this property can result in the Web Server
  # becoming unusable or the resources becoming inaccessible.
  # See also: com.sun.am.policy.agents.config.fqdn.check.enable,
  # com.sun.am.policy.agents.config.fqdn.map
  com.sun.am.policy.agents.config.fqdn.default = Dominoad.yjy.dqyt.petrochina
  # The FQDN Map is a simple map that enables the Agent to take corrective
  # action in the case where the users may have typed in an incorrect URL
  # such as by specifying partial hostname or using an IP address to
  # access protected resources. It redirects the browser to the URL
  # with fully qualified domain name so that cookies related to the domain
  # are received by the agents.
  # The format for this property is:
  # com.sun.am.policy.agents.config.fqdn.map = [invalid_hostname|valid_hostname][,...]
  # This property can also be used so that the agents use the name specified
  # in this map instead of the web server's actual name. This can be
  # accomplished by doing the following.
  # Say you want your server to be addressed as xyz.hostname.com whereas the
  # actual name of the server is abc.hostname.com. The browsers only knows
  # xyz.hostname.com and you have specified polices using xyz.hostname.com at
  # the Access Manager policy console, in this file set the mapping as
  # com.sun.am.policy.agents.fqdn.map = valid|xyz.hostname.com
  # Another example is if you have multiple virtual servers say rst.hostname.com,
  # uvw.hostname.com and xyz.hostname.com pointing to the same actual server
  # abc.hostname.com and each of the virtual servers have their own policies
  # defined, then the fqdnMap should be defined as follows:
  # com.sun.am.policy.agents.fqdn.map = valid1|rst.hostname.com,valid2|uvw.hostname.com,valid3|xyz.hostname.com
  # WARNING: Invalid value for this property can result in the Web Server
  # becoming unusable or the resources becoming inaccessible.
  com.sun.am.policy.agents.config.fqdn.map =
  # Cookie Reset
  # This property must be set to true, if this agent needs to
  # reset cookies in the response before redirecting to
  # Access Manager for Authentication.
  # By default this is set to false.
  # Example : com.sun.am.policy.agents.config.cookie.reset.enable=true
  com.sun.am.policy.agents.config.cookie.reset.enable=false
  # This property gives the comma separated list of Cookies, that
  # need to be included in the Redirect Response to Access Manager.
  # This property is used only if the Cookie Reset feature is enabled.
  # The Cookie details need to be specified in the following Format
  # name[=value][;Domain=value]
  # If "Domain" is not specified, then the default agent domain is
  # used to set the Cookie.
  # Example : com.sun.am.policy.agents.config.cookie.reset.list=LtpaToken,
  # token=value;Domain=subdomain.domain.com
  com.sun.am.policy.agents.config.cookie.reset.list=
  # This property gives the space separated list of domains in
  # which cookies have to be set in a CDSSO scenario. This property
  # is used only if CDSSO is enabled.
  # If this property is left blank then the fully qualified cookie
  # domain for the agent server will be used for setting the cookie
  # domain. In such case it is a host cookie instead of a domain cookie.
  # Example : com.sun.am.policy.agents.config.cookie.domain.list=.sun.com .iplanet.com
  com.sun.am.policy.agents.config.cookie.domain.list=
  # user id returned if accessing global allow page and not authenticated
  com.sun.am.policy.agents.config.anonymous_user=anonymous
  # Enable/Disable REMOTE_USER processing for anonymous users
  # true | false
  com.sun.am.policy.agents.config.anonymous_user.enable=false
  # Not enforced list is the list of URLs for which no authentication is
  # required. Wildcards can be used to define a pattern of URLs.
  # The URLs specified may not contain any query parameters.
  # Each service have their own not enforced list. The service name is suffixed
  # after "# com.sun.am.policy.agents.notenforcedList." to specify a list
  # for a particular service. SPACE is the separator between the URL.
  com.sun.am.policy.agents.config.notenforced_list = http://dominoad.yjy.dqyt.petrochina/*.nsf http://dominoad.yjy.dqyt.petrochina/teamroom.nsf/TROutline.gif?
  OpenImageResource http://dominoad.yjy.dqyt.petrochina/icons/*.gif
  # Boolean attribute to indicate whether the above list is a not enforced list
  # or an enforced list; When the value is true, the list means enforced list,
  # or in other words, the whole web site is open/accessible without
  # authentication except for those URLs in the list.
  com.sun.am.policy.agents.config.notenforced_list.invert = false
  # Not enforced client IP address list is a list of client IP addresses.
  # No authentication and authorization are required for the requests coming
  # from these client IP addresses. The IP address must be in the form of
  # eg: 192.168.12.2 1.1.1.1
  com.sun.am.policy.agents.config.notenforced_client_ip_list =
  # Enable POST data preservation; By default it is set to false
  com.sun.am.policy.agents.config.postdata.preserve.enable = false
  # POST data preservation : POST cache entry lifetime in minutes,
  # After the specified interval, the entry will be dropped
  com.sun.am.policy.agents.config.postcache.entry.lifetime = 10
  # Cross-Domain Single Sign On URL
  # Is CDSSO enabled.
  com.sun.am.policy.agents.config.cdsso.enable=false
  # This is the URL the user will be redirected to for authentication
  # in a CDSSO Scenario.
  com.sun.am.policy.agents.config.cdcservlet.url =
  # Enable/Disable client IP address validation. This validate
  # will check if the subsequent browser requests come from the
  # same ip address that the SSO token is initially issued against
  com.sun.am.policy.agents.config.client_ip_validation.enable = false
  # Below properties are used to define cookie prefix and cookie max age
  com.sun.am.policy.agents.config.profile.attribute.cookie.prefix = HTTP_
  com.sun.am.policy.agents.config.profile.attribute.cookie.maxage = 300
  # Logout URL - application's Logout URL.
  # This URL is not enforced by policy.
  # if set, agent will intercept this URL and destroy the user's session,
  # if any. The application's logout URL will be allowed whether or not
  # the session destroy is successful.
  com.sun.am.policy.agents.config.logout.url=
  #http://sportal.yjy.dqyt.petrochina/amserver/UI/Logout
  # Any cookies to be reset upon logout in the same format as cookie_reset_list
  com.sun.am.policy.agents.config.logout.cookie.reset.list =
  # By default, when a policy decision for a resource is needed,
  # agent gets and caches the policy decision of the resource and
  # all resource from the root of the resource down, from the Access Manager.
  # For example, if the resource is http://host/a/b/c, the the root of the
  # resource is http://host/. This is because more resources from the
  # same path are likely to be accessed subsequently.
  # However this may take a long time the first time if there
  # are many many policies defined under the root resource.
  # To have agent get and cache the policy decision for the resource only,
  # set the following property to false.
  com.sun.am.policy.am.fetch_from_root_resource = true
  # Whether to get the client's hostname through DNS reverse lookup for use
  # in policy evaluation.
  # It is true by default, if the property does not exist or if it is
  # any value other than false.
  com.sun.am.policy.agents.config.get_client_host_name = false
  # The following property is to enable native encoding of
  # ldap header attributes forwarded by agents. If set to true
  # agent will encode the ldap header value in the default
  # encoding of OS locale. If set to false ldap header values
  # will be encoded in UTF-8
  com.sun.am.policy.agents.config.convert_mbyte.enable = false
  #When the not enforced list or policy has a wildcard '*' character, agent
  #strips the path info from the request URI and uses the resulting request
  #URI to check against the not enforced list or policy instead of the entire
  #request URI, in order to prevent someone from getting access to any URI by
  #simply appending the matching pattern in the policy or not enforced list.
  #For example, if the not enforced list has the value http://host/*.gif,
  #stripping the path info from the request URI will prevent someone from
  #getting access to http://host/index.html by using the URL http://host/index.html?hack.gif.
  #However when a web server (for exmample apache) is configured to be a reverse
  #proxy server for a J2EE application server, path info is interpreted in a different
  #manner since it maps to a resource on the proxy instead of the app server.
  #This prevents the not enforced list or policy from being applied to part of
  #the URI below the app serverpath if there is a wildcard character. For example,
  #if the not enforced list has value http://host/webapp/servcontext/* and the
  #request URL is http://host/webapp/servcontext/example.jsp the path info
  #is /servcontext/example.jsp and the resulting request URL with path info stripped
  #is http://host/webapp, which will not match the not enforced list. By setting the
  #following property to true, the path info will not be stripped from the request URL
  #even if there is a wild character in the not enforced list or policy.
  #Be aware though that if this is set to true there should be nothing following the
  #wildcard character '*' in the not enforced list or policy, or the
  #security loophole described above may occur.
  com.sun.am.policy.agents.config.ignore_path_info = false
  # Override the request url given by the web server with
  # the protocol, host or port of the agent's uri specified in
  # the com.sun.am.policy.agents.agenturiprefix property.
  # These may be needed if the agent is sitting behind a ssl off-loader,
  # load balancer, or proxy, and either the protocol (HTTP scheme),
  # hostname, or port of the machine in front of agent which users go through
  # is different from the agent's protocol, host or port.
  com.sun.am.policy.agents.config.override_protocol =
  com.sun.am.policy.agents.config.override_host =
  com.sun.am.policy.agents.config.override_port =
  # Override the notification url in the same way as other request urls.
  # Set this to true if any one of the override properties above is true,
  # and if the notification url is coming through the proxy or load balancer
  # in the same way as other request url's.
  com.sun.am.policy.agents.config.override_notification.url =
  # The following property defines how long to wait in attempting
  # to connect to an Access Manager AUTH server.
  # The default value is 2 seconds. This value needs to be increased
  # when receiving the error "unable to find active Access Manager Auth server"
  com.sun.am.policy.agents.config.connection_timeout =
  # Time in milliseconds the agent will wait to receive the
  # response from Access Manager. After the timeout, the connection
  # will be drop.
  # A value of 0 means that the agent will wait until receiving the response.
  # WARNING: Invalid value for this property can result in
  # the resources becoming inaccessible.
  com.sun.am.receive_timeout = 0
  # The three following properties are for IIS6 agent only.
  # The two first properties allow to set a username and password that will be
  # used by the authentication filter to pass the Windows challenge when the Basic
  # Authentication option is selected in Microsoft IIS 6.0. The authentication
  # filter is named amiis6auth.dll and is located in
  # Agent_installation_directory/iis6/bin. It must be installed manually on
  # the web site ("ISAPI Filters" tab in the properties of the web site).
  # It must also be uninstalled manually when unintalling the agent.
  # The last property defines the full path for the authentication filter log file.
  com.sun.am.policy.agents.config.iis6.basicAuthentication.username =
  com.sun.am.policy.agents.config.iis6.basicAuthentication.password =
  com.sun.am.policy.agents.config.iis6.basicAuthentication.logFile = c:/Sun/Access_Manager/Agents/2.2/debug/C__Lotus_Domino/amAuthFilter

  Hi,
  I installed opensso (so Sun Java(TM) System Access Manager 7.5) and the agent for Domino 6.5.4 and I have the message in logs "amAgent"
  2007-07-11 18:40:16.119 Error 1708:3dbcf768 PolicyAgent: render_response(): Entered.
  I have the box to identify but it doesnot connect me on my opensso server.
  It still identify with Domino's server
  Thanks for your response
  Thomas

• How to talk with a manager

  I have had an ongoing billing issue since December.  I have been calling the customer support number explaining the issue over and over again with 30 to 60 minuet conversations and every time the representative has assured me things were taken care of.  When I get my bill the issue remains.  Recently I had a 2 hour conversation representative named Ryan and he was very helpful and explained that it was 100% Verizon's issue but did not know how to straighten out so sent me an email and said after supervisors discussed he would be I contact. After a week of being told via email supervisors were working on it, I asked what could be so difficult, if they could stop talking about it and just correct it.  I also asked to speak with a manager in an email. Ryan indicated he was sending on toa manager named Kolten.  A manager named Kolten called 4 days ago and I missed the call but have left at least 2 messages a day at different times hoping to catch him but also asking for a call back and if he missed me a time I could call him.  Nothing. I have reached back out to Ryan in three emails and nothing.  I am concerned that Verizon would have customer service people and a manager that would just stop communicating.  Is there a way to get another level of management that could not only handle the issue but also answer why people that are suppose to be helping just walk away from a customer?  Any help with this would be greatly appreciated.  Maybe I need to go to the store?
  >> Edited to comply with the Verizon Wireless Terms of Service <<
  Message was edited by: Verizon Moderator

  Thank you for your willingness to help.  You may want to go back and read all the comments on my account.  There is a huge history and record of my calls. It started back in December when I upgraded my daughters phone to an I 6.  (4683)  number on account) and added a phone for my youngest.  I was talked into the Edge program at the store on around 12-18-14.  It was a Christmas Gift for both.  Regardless by 12-31-14 the I 6 stopped working, it would not take a charge or turn on.  We took the phone to a store near our home (not the one where I signed up for the Edge program).  The people at the store tried to help and were on the phone with a Verizon representative for a while.  It was decided that I needed to provide my credit card so they could charge me a deposit and they would send me a new phone and as soon as they received the old (non working phone) they would credit me back the deposit.  We received the new phone and sent back the old (Verizon received on 1-17-15). I received my firs bill and fond a $450 charged for the phone and a $35 restock fee and then on my credit card got hit with a $235 charge for the phone.  This started my calls to customer service.  I was told not to pay the $450 and as it was for the phone and as soon as the warehouse did their paper work I would get the credit.  I will save the play by ply but called several more time and was told the same thing including the warehouse was backed up and they were suppose to put some note on the account saying why the bill was not paid.  I have always paid all other service charges every month just deducted the $450.  So 3 months later and the charge remains.   Beginning of march and went through all this with a rep and was told a supervisor was looking into it and charges would be reversed because it has gone on too long and none of this is my fault.  Also from my bill we discovered that the (4683 number) was not in the Edge program so I asked why and was told they needed to look into it and a supervisor  as it has gone too long.  Never happened.  I called Sunday 3-15 and went through everything again and was told a same thing and a supervisor would call...  Nothing..  I called 3-17 and talked to Ryan and spent 2 hours on the phone.  He was very helpful and we found the $450 was not for the phone it was for canceling the Verizon edge program and the $235 on my card was for the remaining cost of the phone.  After 2 hours and being told 3 or 4 supervisors were discussing what to do but could not come up with a clear answer he said they would call the next day with resolution.  Given I have gone down that road and no calls he gave me his email address so we could communicate.  So after about a week of emails he indicated supervisors were still reviewing.  Meanwhile I received a letter from Verizon indicating I was not eligible for the Edge program do an outstanding balance (really) and now I have concerns Verizon is knocking my credit even though they have reversed all late fees and indicated none of this was my doing and not to pay the $450 as it suppose to be reversed!  I asked Ryan if the Supervisors could stop reviewing and do something about this as it had been another week Ryan and I have been emailing.  I also asked if there was a manage I could talk with and was told he sent to Kelton and he would call (this was Sunday night (3-22-15) within 24 hours.  24 hours went buy and another email to Ryan saying no one called.  Kelton finally called Tuesday (3-24-15) and I missed the call due to being in a meeting at work.  I called back with in an hour and now have called Kelton at least two times a day and just receive voice mail. I have asked to be called back but nothing!  I have emailed Ryan at least 3 times asking for an update or why he nor Kelton are responding but as of today 3-28 Nothing!  I guess its your turn.  Let me know what the next step is as I am extremely frustrated with this entire situation as its awful how your customer service representatives can not resolve an issue and I have spent hours on the phone documenting and emailing.   
  >> Edited by Verizon Moderator to comply with the Verizon Wireless Terms of Service <<

• Whenever I update my iPhone software, it asks me to sign in to iCloud with an old email address.  My other devices all have the correct address.  How can I get the correct address for my iPhone?  The only Apple ID that works for logging in is my new one.

  Whenever I update my iPhone software, it asks me to sign in to iCloud with an old email address.  My other devices all have the correct address.  How can I get the correct address for my iPhone?  The only Apple ID that works for logging in is my new one.

  To change the iCloud ID you have to go to Settings>iCloud, tap Delete Account, provide the password for the old ID when prompted to turn off Find My iPhone (if you're using iOS 7), then sign back in with the ID you wish to use.  If you don't know the password for your old ID, or if it isn't accepted, go to https//appleid.apple.com, click Manage my Apple ID and sign in with your current iCloud ID.  Tap edit next to the primary email account, tap Edit, change it back to your old email address and save the change.  Then edit the name of the account to change it back to your old email address.  You can now use your current password to turn off Find My iPhone on your device, even though it prompts you for the password for your old account ID. Then go to Settings>iCloud, tap Delete Account and choose Delete from My iDevice when prompted (your iCloud data will still be in iCloud).  Next, go back to https//appleid.apple.com and change your primary email address and iCloud ID name back to the way it was.  Now you can go to Settings>iCloud and sign in with your current iCloud ID and password.

• HT204053 i changed my email address (apple id) on my pc, but now my ipad is asking me for my password with the old email address...and not accepting the old or new password.how do i change it/sync it?

  I changed my email address (apple id) and password on my pc, but now my ipad mini icloud is asking me for my  icloud password with the old email address and not accepting the old one or the new one..how do i change it / sync it?

  To change the iCloud ID you have to go to Settings>iCloud, tap Delete Account, provide the password for the old ID when prompted to turn off Find My iDevice, then sign back in with the ID you wish to use.  If you don't know the password for your old ID, or if it isn't accepted, and your old ID is an earlier version of your current ID, go to https://appleid.apple.com, click Manage my Apple ID and sign in with your current iCloud ID.  Click edit next to the primary email account, change it back to your old email address and save the change.  Then edit the name of the account to change it back to your old email address.  You can now use your current password to turn off Find My iDevice on your device, even though it prompts you for the password for your old account ID. Then save any photo stream photos that you wish to keep to your camera roll.  When finished go to Settings>iCloud, tap Delete Account and choose Delete from My iDevice when prompted (your iCloud data will still be in iCloud).  Next, go back to https://appleid.apple.com and change your primary email address and iCloud ID name back to the way it was.  Now you can go to Settings>iCloud and sign in with your current iCloud ID and password.

• MULTIPLE PROBLEMS STILL WITH DESKTOP MANAGER 1.0.1

  Could you please let me know if you are having the same problems with the new desktop manager for Mac 1.0.1.  (simply state the number on the list below - no need to write anything else)
  I doubt very much anyone has a fix for the problems since RIM doesn't, but could you just post a quick reply identifying which of the following issues you're also having in the list below.  I Would like to prove to RIM how many people are having the same issues - I'm not so sure they realize how pervasive these issues are. Thanks
  (1) Several fields in each contact in my Mac Address Book are not transferred to my Blackberry, for instance: the phone number category "Work 2", the phone number category "Other", the email category "home" - if there is two of them only one is transferred;
  (2) It cuts off the end of the "Note" section in the Address Book contacts;
  (3) The software crashes when syncing Entourage calendar;
  (4)  The software severely retards the functioning of my other programs while syncing the Entourage calendar and it is necessary to restart my computer for normal function to resume;
  (5) Calendar event alarms are removed from my blackberry even though they are active on my desktop; and
  (6) Some recurring Calendar events are not transferred over to my Blackberry.
  Lance

  My problems are also different.  It was working for a while (a few weeks and maybe 4 syncs).  Now, it always gives an non-descript "Sync Error" message when trying to sync Contacts with Address Book on my MacBook running Mac OSX 10.5.8, and DTM 1.0.1.   I've UNinstalled it, REinstalled it, and can get it to sync with iCal, but not Address Book.
  I've tried all sorts of possible solutions, like eliminating all the Groups in my address book and only having 1.  I've tried clearing the Blackberry data before syncing.  I've tried syncing both directions, and I've tried syncing with overwriting everying in the Blackberry.  None of those solutons works.   I also had problems with iCal, but got that to sync by clearing the calendar on the BB first, then syncing calendar alone (not with contacts).
  I cant even express how disappointed I am with the Blackberry Destop Manager after waiting for more than year for it after PocketMac failed as a useless piece of code.   The limited setup features, and now its lack of any useful functionality has me ready to dump my Blackberry for an iPhone.   If that happens RIM, I won't be back, and I won't be advising any associates to stick with Blackberry.  I'm at the end of my consumer satisfaction, so you don't need to spend millions with J.D. Power to figure this one out.  Just make the **bleep** thing work with a MAC!  (Just in case anyone from RIM is lurking...you'd think at least one of those software guys would use a Mac?)!!

• I want to switch my user id with my rescue email address, how can i change my rescue email address to something else to free that up?

  i want to switch my user id with my rescue email address, how can i change my rescue email address to something else to free that up?

  Hi EllaBella0902,
  Welcome to the Support Communities!
  The information below may be able to answer your questions about how to change your rescue email address:
  Manage your Apple ID primary, rescue, alternate, and notification email addresses
  http://support.apple.com/kb/HT5620?viewlocale=en_US
  Before you make any changes, you may want to review the information in the Frequently Asked Questions section of this article:
  Using your Apple ID for Apple services
  http://support.apple.com/kb/HT4895
  This article explains how to update the information in the various services that use the Apple ID if you change it:
  Apple ID: What to do after you change your Apple ID
  http://support.apple.com/kb/HT5796?viewlocale=en_US&locale=en_US
  Cheers,
  - Judy

• A have new problem that has appeared in my Mac Mail.  When I type a frequently used email into the 'To: line' it populates the correct name but with 8 different email addresses not associated with that name.

  A have new problem that has appeared in my Mac Mail.  When I type a frequently used email into the 'To: line' it populates the correct name but with 8 different email addresses not associated with that name.  I have gone to the window pop-down to 'previous recipients' and deleted that addressee as well as all the email addresses it is assigning to that name.  I have also deleted the account entirely from my address book.  I have have run repair permissions and also full defrag in iDefrag.  Still the problem persists.  Any suggestions?

  Hello CarolineLongEaton,
  I noticed you posted this problem quite a while ago and wondered if you managed to have it fixed in an alternative way then posting here. It is too bad no one has posted a solution here. I have a similar problem and if you have had yours solved since this occurance how you accomplished it may help me with mine. I am interested to know what you have done about yours.
  If you are interested in comparing the problems to see if your solution (if you have found one) might help me also then here is the link to the discussion.
  https://discussions.apple.com/thread/6116927
  If your problem has not been solved then I will comment here again if/when my issue is resolved as it may help you too. My hope here is that we may help each other. To quote you "all ideas gratefuly recieved". I hope your problem was resolved, ernestly for your sake and selfishly for mine also. I wish you and yours a great day!
  dofromon